US charges 2 hackers with alleged Chinese intelligence ties

U.S. officials on Thursday said two alleged Chinese hackers carried out an extensive campaign on behalf of Beijing’s main intelligence agency to steal trade secrets and other information from government agencies and “a who’s who” of major corporations in the United States and nearly a dozen other nations.

The indictment is the latest in a series of Justice Department criminal cases targeting Chinese cyberespionage and coincided with an announcement by Britain blaming China’s Ministry of State Security for trade-secret pilfering affecting Western nations.

The alleged hackers, one of whom is nicknamed “Godkiller,” are accused of breaching computer networks beginning as early as 2006 in a range of industries, including aviation and space, finance, biotechnology, oil and gas, satellites and pharmaceuticals. Prosecutors say they also obtained the names, Social Security numbers and other personal information of more than 100,000 Navy personnel.

In a new twist reflecting corporate computing’s evolution, the hackers often infiltrated cloud computing companies and other major technology providers to indirectly reach clients’ valuable documents.

Prosecutors said the alleged hackers stole “hundreds of gigabytes” of data, breaching computers of more than 45 entities in 12 states including NASA’s Jet Propulsion Lab and Goddard Space Center. The hackers, identified as members of the group APT10, or “Stone Panda,” are not in custody. Prosecutors said their names are Zhu Hua and Zhang Shilong.

U.S. law enforcement officials say the case is part of a trend of state-sponsored hackers breaking into American networks and stealing trade secrets and other confidential information. More than 90 percent of Justice Department economic espionage cases over the past seven years involve China, said Deputy Attorney General Rod Rosenstein, and more than two-thirds of trade secrets cases are connected to the country.

“China’s state-sponsored actors are the most active perpetrators of economic espionage,” FBI Director Chris Wray said in announcing the case. “While we welcome fair competition, we cannot and will not tolerate illegal hacking, stealing or cheating.”

“China’s goal, simply put, is to replace the U.S. as the world’s leading superpower, and they’re using illegal methods to get there,” Wray said. While none of the “victim companies” was named, Wray called them a “who’s who of the global economy.”

China on Friday said the U.S. was “fabricating facts out of thin air.” A statement from Chinese foreign ministry spokeswoman Hua Chunying described the “unwarranted accusations” as a serious violation of the basic norms of international relations that was harmful to China-U.S. cooperation.

Hua accused the U.S. of hypocrisy. “It has long been an open secret that the relevant authorities of the U.S. conduct large-scale cybertheft and listen in on foreign governments, enterprises and individuals,” she said.

Secretary of State Mike Pompeo and Homeland Security Secretary Kirstjen Nielsen released a joint statement accusing China of reneging on a 2015 commitment not to seek competitive advantage through theft of trade secrets, intellectual property and confidential business information.

U.S. officials testified before Congress last week that Beijing’s continued hacking has made a mockery of that 2015 commitment by President Xi Jinping following a first-of-its-kind indictment that accused Chinese hackers of stealing corporate data from brand-name U.S. companies.

“We want China to cease illegal cyber activities and honor its commitment to the international community, but the evidence suggests that China may not intend to live up to its promises,” Rosenstein said.

Rob Silvers, a former Obama administration cybersecurity official, said cases like this create an important deterrent but should be supplemented by sanctions and other steps.

“It’s necessary to do this kind of thing, but it’s not nearly enough,” he said. “I don’t think Rod Rosenstein would tell you that it’s game, set, match.”

After a 2014 indictment against five alleged Chinese hackers, and a subsequent agreement with the U.S., Beijing at least temporarily reduced its hacking activity, Silvers said.

This case shows that “China has taken the gloves off again,” he said.

Adam Segal, a cybersecurity expert at the Council on Foreign Relations, agreed that Beijing is unlikely to be swayed by sanctions alone.

The indictment filed in federal court in Manhattan describes how in recent years, as government agencies and corporations have shifted data to cloud computing providers and services including email and collaboration tools to tech service providers, the Stone Panda hackers followed, typically stealing the log-in credentials of system administrators in order to reach coveted proprietary data of clients.

Wray likened it to “breaking into and getting the keys from the maintenance department.”

Britain’s Foreign Office accused the Chinese elite hackers of conducting a “widespread and significant” campaign of cyberespionage against the United Kingdom and its allies, and said the group “almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets.”

Targeted nations named in the U.S. indictment include Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland and the United Arab Emirates.

In recent months, the Justice Department has filed separate cases against several Chinese intelligence officials and hackers. A case filed in October marked the first time that a Chinese Ministry of State Security officer was extradited to the United States to stand trial.

Hacking by Chinese state-backed hackers dramatically escalated over the summer in response to the trade war with the U.S. and military tensions in the South China Sea, said Tom Kellermann, chief cybersecurity officer of Carbon Black, whose company’s threat-hunting tool is used in global cyber investigations.

He credited the Justice Department with targeting a group that he said was China’s “most prolific hacker crew.” He said he was not optimistic that the pair would be prosecuted in the U.S., but that’s not the point.

“The Chinese are operating on a 50-year plan of information dominance, a comprehensive national strategy, and it’s high time we actually reacted,” Kellermann said.